Hi,

missing/wrong default gateway on the win machine?
A post of your used firewall rules would be helpful.

greets
/matthias

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Marius
> Sent: Wednesday, October 19, 2005 5:43 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Problem getting connection to terminal Server behind router
> and firewall
>
> Hello,
>
> I have got the following problem and would be happy about every hint you
> can give to me:
>
> Infrastructure:
> ===============
>
> A router (AVM Fritz!Box Phone 7050) connected via Broadband-Access to the
> WWW, using a dynamic IP address. It's necessary to use this router because
> it includes a VoIP telephone switchboard with QoS features.
> External Address: dynamic (WAN)
> Internal Address: 192.168.178.1
>
> The dynamic address is published through a dyndns account.
>
> After the router there is my firewall (SuSE 9.3, iptables). The firewall
> is based on a "harry's script" which was a little bit modified.
> eth0: 192.168.178.100 (connected to the router)
> eth1: 192.168.1.100 (connected to my LAN)
>
> With IP 192.168.1.101 there is a Microsoft Windows SBS Server 2003
> including Terminal-Server Service reached via MS-Remote-Desktop (Port 3389)
>
> ToDo:
> =====
>
> The Terminal-Server should be reached from the www.
>
> This works fine as long as I don't have the Linux-Server in my network.
> If I change the MS SBS-IP to 192.168.178.101 for example and configure the
> router to forward all TCP 3389 requests to 192.178.101, everything works
> as it should.
>
> Problem:
> ========
>
> After the Linux-Firewall is between router and MS SBS, Terminal-Server
> access is not possible (all client services HTTP, HTTPS, POP3, IMAP...
> work fine)
>
> I tried two ways:
>
> 1. Config the router to forward all TCP 3899 requests to the firewall
> (192.168.178.100). On the firewall I put the setting:
>
> iptables -t nat PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.101:3389
>
> and (another try)
>
> iptables -t nat PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.101
>
> 2. Config the router to forward all TCP requests directly to MS SBS
> (192.168.1.101)
> Firewall:
>
> iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
>
> On both ways I tried to include Source/Destination-IP, incoming/outgoing
> devices, but without any positive results. Which way should I follow
> generally?
>
> There get some packages through the firewall using both solutions (I can
> see incoming connections in the Terminal-Server's log files) but no
> correct connection can be established.
>
> Thanks for your help
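Added example, not part of the thread and not the poster's script: a small audit of an iptables-save dump for the three rules a DNAT-based forward of port 3389 to 192.168.1.101 depends on (the DNAT itself, a FORWARD accept for the new connection, and a FORWARD accept for the replies). The function names and both sample dumps are constructed for illustration; the address and port are the ones given in the post.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (stdin) for the rules a port
# forward to the terminal server depends on. Feed it the nat and filter tables
# only, since a mangle-table FORWARD policy would confuse the policy check.
TS_IP=192.168.1.101   # terminal server address from the post
TS_PORT=3389          # RDP port from the post

# has_rule DUMP CHAIN FRAGMENT...: true if one "-A CHAIN" line has every fragment.
has_rule() {
    lines=$(printf '%s\n' "$1" | grep -F -- "-A $2 " || true)
    shift 2
    for frag in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -F -- "$frag" || true)
    done
    [ -n "$lines" ]
}

# check_forward: prints one "missing:" line per gap; returns 0 only if none.
check_forward() {
    dump=$(cat)
    rc=0
    has_rule "$dump" PREROUTING "--dport $TS_PORT" "-j DNAT" "--to-destination $TS_IP" \
        || { echo "missing: DNAT of tcp/$TS_PORT to $TS_IP in nat PREROUTING"; rc=1; }
    # With a FORWARD policy of ACCEPT, no explicit filter rules are needed.
    if ! printf '%s\n' "$dump" | grep -q '^:FORWARD ACCEPT'; then
        has_rule "$dump" FORWARD "--dport $TS_PORT" "-j ACCEPT" \
            || { echo "missing: FORWARD accept for tcp/$TS_PORT towards the server"; rc=1; }
        has_rule "$dump" FORWARD "ESTABLISHED" "-j ACCEPT" \
            || { echo "missing: FORWARD accept for ESTABLISHED replies"; rc=1; }
    fi
    return $rc
}

# Constructed sample dumps (not taken from the poster's firewall).
DNAT_ONLY='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.101:3389
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'
COMPLETE='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.101:3389
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT'

printf '%s\n' "$DNAT_ONLY" | check_forward || true
```

The dump only shows the firewall's side; the default gateway on the Windows machine, raised in the reply above, has to be checked on the server itself.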